Live Webinar | 26 June 2025 9AM PT
From Black Box to Boardroom: Operationalizing Trust in AI Governance
HIPAA

HIPAA Covered Entities

Individuals, organisations, and agencies that meet the HIPAA definition of a covered entity must comply with the Rules’ requirements to protect the privacy and security of health information and must provide individuals with certain health information rights. If a covered entity employ a business associate to facilitate it in carrying out its healthcare activities and functions, the covered entity must have a written business associate contract or other arrangements with the business associate that specifies what the business associate has been employed to do and requires the business associate to adhere to the Rules’ requirements to protect the privacy and security of protected health information. In addition to these contractual obligations, business associates are directly liable for compliance with certain provisions of the HIPAA Rules.

If an entity does not meet the definition of a covered entity or business associate, it does not have to comply with the HIPAA Rules.

A covered entity is one of the following:

Subscribe to our newsletter
Get monthly updates and curated industry insights
Subscribe
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Ready to see what security-first GRC really looks like?

The Scrut Platform helps you move fast, stay compliant, and build securely from the start.

Book a Demo
Book a Demo